Cry about...
Oracle Troubleshooting

ORA-01017: Invalid username/password

Symptom:

Possible Causes and Remedies:

Normally this error indicates that either the username is not a
recognised username or that the password is incorrect.

If this error is encountered when no username or password have been
specified (i.e. when trying to use operating system authentication)
then operating system authentication may not have been set-up correctly.
In this case:

Check that the prefix used when defining the Oracle account
is the same as that specified by ‘OS_AUTHENT_PREFIX’
in the init-ora file. The default is ‘OPS$’.

Check the value of the registry key ‘OSAUTH_PREFIX_DOMAIN’.
In Oracle 7 this is located at ‘HKEY_LOCAL_MACHINE\ SOFTWARE\
ORACLE’, and for Oracle 8 at ‘HKEY_LOCAL_MACHINE\
SOFTWARE\ ORACLE\ HOMEn’. If this parameter does not
exist in the registry the default is ‘FALSE’ in
Oracle prior to 8.1.x, from 8.1.x onwards the deafult is ‘TRUE’.
If set ‘TRUE’ then ensure that the user name defined
using Oracle security manager is of the form ‘OPS$<DOMAIN>\<Username>’.
If the registry key is not set then it should be of the form
‘OPS$<Username>’. If the key ‘OSAUTH_PREFIX_DOMAIN’
does not exist and you wish to create it, it should be created
of type ‘REG_EXPAND_SZ’.

Check that the initialisation parameter ‘REMOTE_OS_AUTHET’
has been explicity set ‘TRUE’.

Less likely to be a cause, but check also that the server and
client are both running the same version of Oracle.

Some tools do not support the use of operating system authentication.
This includes the Oracle GUI tools. If a connection can be made
using operating system authentication with the command line server
manager (svrmgr30) then it is likely to be that the
tool does not support it. Some possibilities to try (none of these
are guaranteed to work, but each has been found to work with some
tools):

enter ‘@<service>’ as the username.

enter ‘/’ as the username and do not provide
a password. Some applications (possibly depending on the version
of Oracle connecting to) may require a space before and after
the slash.

enter ‘/@<service>’ as the username and do
not provide a password.

If this error is encountered when a username and/or password have
been specified then the cause is likely to be one of the following:

Check that an Oracle account has been created for the specified
username.

Check that the Oracle account is not ‘OPS$...’.
If it is then Oracle is using operating system authentication for
the account. Try logging in specifying no username or password.
In this case the NT account name must be the same as the Oracle
account name (less the ‘OPS$’).

If the Oracle account exists and the account is not named 'OPS$...’
then the password must be incorrect.

If this error is encountered whilst trying to connect to Oracle
as SYSOPER (but connecting as NORMAL works
fine) then the account lacks the SYSOPER privilege. To
obtain SYSOPER privilege run Oracle security manager and
grant the system privilege SYSOPER to the Oracle account.
Note:

The database must not be running in parallel server mode and
the password file must not be shared.

If the database is running in parallel server mode or the password
file is shared then only SYS or INTERNAL
can have SYSOPER privilege.

This page represents one page of many pages of notes I made whilst working
with Oracle 7 through to 10i. I now no longer work with Oracle databases,
but hope that these notes will continue to be of benefit to others.

About the author: Brian Cryer
is a dedicated software developer and webmaster. For his day job he
develops websites and desktop applications as well as providing
IT services. He moonlights as a technical author and consultant.